Mercurial Repository: p/roundup/code: roundup/cgi/client.py comparison

comparison roundup/cgi/client.py @ 1002:1798d2fa9fec

Hack hack... . Lots of cleanup in the classic html (stylesheet, search page, index page, ...) . Reinstated searching, but not query saving yet . Filtering only allows sorting and grouping by one property - all backends now implement this behaviour. . Nosy list journalling turned off by default, everything else is on. . Added some convenience methods (reverse, propchanged, [item] accesses, ...) . Did I mention the stylesheet is much cleaner now? :)

author	Richard Jones <richard@users.sourceforge.net>
date	Sun, 01 Sep 2002 04:32:30 +0000
parents	55ab0c5b49f9
children	f89b8d32291b

comparison

equal deleted inserted replaced

-:7fea15e6cdfe
+:1798d2fa9fec
-# $Id: client.py,v 1.1 2002-08-30 08:28:44 richard Exp $
+# $Id: client.py,v 1.2 2002-09-01 04:32:30 richard Exp $
 __doc__ = """
 WWW request handler (also used in the stand-alone server).
 """
 'edit':     'edititem_action',
 'new':      'newitem_action',
 'login':    'login_action',
 'logout':   'logout_action',
 'register': 'register_action',
+'search':   'search_action',
 }
 def handle_action(self):
 ''' Determine whether there should be an _action called.
 The action is defined by the form variable :action which
 "edit"      -> self.edititem_action
 "new"       -> self.newitem_action
 "login"     -> self.login_action
 "logout"    -> self.logout_action
 "register"  -> self.register_action
+"search"    -> self.search_action
 '''
 if not self.form.has_key(':action'):
 return None
 try:
 __file
 Create a file and attach it to the current node's
 "files" property. Attach the file to the message created from
 the __note if it's supplied.
 '''
-cn = self.classname
+cl = self.db.classes[self.classname]
-cl = self.db.classes[cn]
 # check permission
 userid = self.db.user.lookup(self.user)
-if not self.db.security.hasPermission('Edit', userid, cn):
+if not self.db.security.hasPermission('Edit', userid, self.classname):
 self.error_message.append(
-_('You do not have permission to edit %s' %cn))
+_('You do not have permission to edit %(classname)s' %
+self.__dict__))
+return
 # perform the edit
-props = parsePropsFromForm(self.db, cl, self.form, self.nodeid)
+try:
+props = parsePropsFromForm(self.db, cl, self.form, self.nodeid)
-# make changes to the node
-props = self._changenode(props)
+# make changes to the node
+props = self._changenode(props)
-# handle linked nodes
-self._post_editnode(self.nodeid)
+# handle linked nodes
+self._post_editnode(self.nodeid)
+except (ValueError, KeyError), message:
+self.error_message.append(_('Error: ') + str(message))
+return
 # commit now that all the tricky stuff is done
 self.db.commit()
 # and some nice feedback for the user
 message = _('file added')
 else:
 message = _('nothing changed')
 # redirect to the item's edit page
-raise Redirect, '%s/%s%s?:ok_message=%s'%(self.base, cn, self.nodeid,
+raise Redirect, '%s/%s%s?:ok_message=%s'%(self.base, self.classname,
-urllib.quote(message))
+self.nodeid,  urllib.quote(message))
 def newitem_action(self):
 ''' Add a new item to the database.
 This follows the same form as the edititem_action
 '''
 # check permission
-cn = self.classname
 userid = self.db.user.lookup(self.user)
-if not self.db.security.hasPermission('Edit', userid, cn):
+if not self.db.security.hasPermission('Edit', userid, self.classname):
 self.error_message.append(
-_('You do not have permission to create %s' %cn))
+_('You do not have permission to create %s' %self.classname))
 # XXX
 #        cl = self.db.classes[cn]
 #        if self.form.has_key(':multilink'):
 #            link = self.form[':multilink'].value
 # render the newly created item
 self.nodeid = nid
 # and some nice feedback for the user
-message = _('%(classname)s created ok')%{'classname': cn}
+message = _('%(classname)s created ok')%self.__dict__
+except (ValueError, KeyError), message:
+self.error_message.append(_('Error: ') + str(message))
+return
 except:
 # oops
 self.db.rollback()
 s = StringIO.StringIO()
 traceback.print_exc(None, s)
 self.error_message.append('<pre>%s</pre>'%cgi.escape(s.getvalue()))
+return
 # redirect to the new item's page
-raise Redirect, '%s/%s%s?:ok_message=%s'%(self.base, cn, nid,
+raise Redirect, '%s/%s%s?:ok_message=%s'%(self.base, self.classname,
-urllib.quote(message))
+nid,  urllib.quote(message))
 def genericedit_action(self):
 ''' Performs an edit of all of a class' items in one go.
 The "rows" CGI var defines the CSV-formatted entries for the
 class. New nodes are identified by the ID 'X' (or any other
 non-existent ID) and removed lines are retired.
 '''
 userid = self.db.user.lookup(self.user)
-if not self.db.security.hasPermission('Edit', userid):
+if not self.db.security.hasPermission('Edit', userid, self.classname):
 raise Unauthorised, _("You do not have permission to access"\
 " %(action)s.")%{'action': self.classname}
-w = self.write
+cl = self.db.classes[self.classname]
-cn = self.classname
-cl = self.db.classes[cn]
 idlessprops = cl.getprops(protected=0).keys()
 props = ['id'] + idlessprops
 # get the CSV module
 try:
 nodeid, values = values[0], values[1:]
 found[nodeid] = 1
 # confirm correct weight
 if len(idlessprops) != len(values):
-w(_('Not enough values on line %(line)s'%{'line':line}))
+message=(_('Not enough values on line %(line)s'%{'line':line}))
 return
 # extract the new values
 d = {}
 for name, value in zip(idlessprops, values):
 cl.retire(nodeid)
 message = _('items edited OK')
 # redirect to the class' edit page
-raise Redirect, '%s/%s?:ok_message=%s'%(self.base, cn,
+raise Redirect, '%s/%s?:ok_message=%s'%(self.base, self.classname,
 urllib.quote(message))
 def _changenode(self, props):
 ''' change the node based on the contents of the form
 '''
 designator, property = value.split(':')
 link, nodeid = hyperdb.splitDesignator(designator)
 link = self.db.classes[link]
 link.set(nodeid, **{property: nid})
+def search_action(self):
+''' Mangle some of the form variables.
+Set the form ":filter" variable based on the values of the
+filter variables - if they're set to anything other than
+"dontcare" then add them to :filter.
+'''
+# add a faked :filter form variable for each filtering prop
+props = self.db.classes[self.classname].getprops()
+for key in self.form.keys():
+if not props.has_key(key): continue
+if not self.form[key].value: continue
+self.form.value.append(cgi.MiniFieldStorage(':filter', key))
 def remove_action(self,  dre=re.compile(r'([^\d]+)(\d+)')):
 # XXX handle this !
 target = self.index_arg(':target')[0]
 m = dre.match(target)
 continue
 proptype = cl.properties[key]
 if isinstance(proptype, hyperdb.String):
 value = form[key].value.strip()
 elif isinstance(proptype, hyperdb.Password):
-value = password.Password(form[key].value.strip())
+value = form[key].value.strip()
+if not value:
+# ignore empty password values
+continue
+value = password.Password(value)
 elif isinstance(proptype, hyperdb.Date):
 value = form[key].value.strip()
 if value:
 value = date.Date(form[key].value.strip())
 else:

Mercurial > p > roundup > code

comparison roundup/cgi/client.py @ 1002:1798d2fa9fec